Okta
Steps:
1. Log in to your Okta account as an Administrator
2. Switch to Okta Legacy View
3. Go to Applications and click Add Application
4. Select SAML 2.0, click Create
5. Add “Allstacks” Name and Logo, click Next
6. In another window, log into Allstacks and open the organization settings menu. “Allstacks” will be replaced with your organization name. Click “configure” in the SSO settings section.
7. Copy your Allstacks SAML SSO URL from this view.
8. Back in Okta:
a. Paste the URL into the Single sign on URL field and Audience URI field. (Keep this URL noted somewhere for debugging later)
b. Enter “/” into the Default RelayState Field
c. Select “Email” in the Application Username selector
d. Define Allstacks SAML Attribute Mapping Fields
i. Enter email, first_name, last_name, and role into the Attribute Statements fields as shown below. If your organization’s SAML attributes are different, use those here.
ii. Set all formats to Basic.
iii. Select user.<field> from the value selectors as shown below.
e. Click Save.
9. On the “Feedback” tab, select “I’m an Okta customer adding an internal app” and click Finish
10. Click the SAML 2.0 “View Setup Instructions” to get the Identity Provider URLs and Cert.
11. Back on the Allstacks SSO settings page, copy the given values from Okta as shown
12. Enter your SAML Attribute mapping here, using either the default names shown above or your organization’s pre-existing field names.
13. If you wish to control Allstacks user roles from a field in Okta, Enable Allstacks Role Assignment and provide the names of existing Okta roles that will map to the appropriate roles in Allstacks.
Otherwise, existing users will keep their existing roles, and new users created via single sign-on will be set to “Data Viewer”, which can be adjusted afterward in the Allstacks application. You can turn on role mapping at a later date.
Sample role configuration example:
If your organization’s Okta configuration sends the user’s role in the “role” SAML attribute and you want a role named Owner to be an Owner in Allstacks, and so on, enter the roles below.
14. Assign appropriate users to the Allstacks application in Okta
15. Return to your Okta dashboard and click the Allstacks app to test auth flow
16. If you land in the Allstacks application, your configuration worked successfully.
17. If auth failed, you can request your Allstacks SSO URL manually to see any known configuration errors. In this example that URL was https://app.allstacks.com/saml/auth/451338a066aa4e82/
18. With SSO still disabled in the application, only Admins and Owners will be able to log in with SSO for testing purposes. To enable SSO for all users in your organization:
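For checking the attribute mapping from steps 8d and 13 when a test login fails in step 17, the following added example (not Allstacks or Okta code) inspects a decoded SAML assertion for the Audience URI, the four attribute names in Basic format, and a mapped role. The sample assertion, URL and role map are constructed, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
REQUIRED = ("email", "first_name", "last_name", "role")  # default names from step 8d

def check_assertion(xml_text, sso_url, role_map):
    """Report config problems in a decoded assertion; does NOT verify its signature."""
    root = ET.fromstring(xml_text)  # only feed it assertions you captured yourself
    problems = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != sso_url:
        problems.append(f"Audience {audience!r} does not match the SSO URL")
    attrs = {}
    for node in root.iterfind(".//saml:Attribute", NS):
        name = node.get("Name")
        value = node.findtext("saml:AttributeValue", default="", namespaces=NS)
        attrs[name] = value.strip()
        if node.get("NameFormat") != BASIC:
            problems.append(f"Attribute {name!r} is not in Basic format")
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"Missing or empty attribute {name!r}")
    role = role_map.get(attrs.get("role", ""))  # IdP role name -> app role name
    if role is None:
        problems.append(f"Role value {attrs.get('role')!r} has no mapping")
    return problems, attrs, role

# Constructed sample data: placeholder URL, one-entry role map, flawed assertion.
SSO_URL = "https://sso.example.test/saml/auth/PLACEHOLDER/"
ROLE_MAP = {"Owner": "Owner"}
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{SSO_URL}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="email" NameFormat="{BASIC}">
   <saml:AttributeValue>pat@example.test</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="first_name" NameFormat="{BASIC}">
   <saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="role"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
   <saml:AttributeValue>Contractor</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, SSO_URL, ROLE_MAP)[0]:
        print(problem)
```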